mhill
UK Editor

Security, privacy experts slam UK Online Safety Bill in open letter

News
05 Jul 2023 | 5 mins
Communications Security, Encryption, Privacy

The letter states that compromise of proposed monitoring infrastructure could create national security threats.

Almost 70 UK information security and cryptography researchers have signed an open letter strongly opposing the UK Online Safety Bill, raising concerns over its interaction with security and privacy technologies. The letter criticizes the bill’s proposal to technologically enable the routine monitoring of personal, business, and civil society online communications to prevent the dissemination of child sexual exploitation and abuse (CSEA) content.

The letter stated that, while the 68 signatories cannot speak in their professional capacities to the relative merit of this step in preventing harm to children, they can confirm that such monitoring is categorically incompatible with maintaining today’s online communication protocols that offer privacy guarantees. Attempts to sidestep this contradiction are doomed to fail on the technological and societal level, while compromise of the monitoring infrastructure could lead to national security risks, it added.

What’s more, the letter noted that several international communication providers have indicated that they will refuse to comply with Online Safety Bill orders that compromise the security and privacy of their customers, threatening to leave the UK market. This puts those in the UK in a vulnerable situation, having to adopt compromised and weak solutions for online interactions, it added.

It is a crucial time for the Online Safety Bill, as it is being discussed in the House of Lords before being returned to the Commons this summer. It has come under stark criticism across the board for months. Last November, 70 organisations, cybersecurity experts, and elected officials signed an open letter highlighting their concerns that the legislation could attack end-to-end encryption.

In April, leading technology firms signed another open letter opposing the bill, urging the UK government to address the risks it poses to data security, protection, and privacy. The letter argued that the bill poses an unprecedented threat to the privacy, safety, and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws.

The most recent letter cited significant issues relating to two methods for accessing protected messages. The first is while data is in transit and protected by cryptography, and the second is data before/after transit on the involved clients.

Monitoring infrastructure compromise presents national security threats

In relation to the first, there is no technological solution to the contradiction inherent in both keeping information confidential from third parties and sharing that same information with third parties, the letter read. “Giving the State the technological means to access every private message and image implies that any actor with access to the relevant monitoring facilities will have the same access. Such actors include future governments with looser definitions of prohibited content, civil servants and police officers across different departments and forces, and any adversary who compromises the monitoring infrastructure.” Such compromises are not just an abstract possibility but eventualities to prepare for, the letter added, particularly when keeping in mind recent high-profile breaches at the national security level, e.g., of US and UK security services.

“The history of ‘no one but us’ cryptographic backdoors is a history of failures, from the Clipper chip to DualEC,” the letter read. “All technological solutions being put forward share that they give a third-party access to private speech, messages and images under some criteria defined by that third party.”

Client-side message scanning introduces several issues

The second method for accessing protected messages – scanning data before/after transit on the involved clients (client-side scanning) – introduces other problems, according to the letter. “This would amount to placing a mandatory, always-on automatic wiretap in every device to scan for prohibited content. This idea of a ‘police officer in your pocket’ has the immediate technological problem that it must both be able to accurately detect and reveal the targeted content and not detect and reveal content that is not targeted, even assuming a precise agreement on what ought to be targeted.”

Proposals for client-side scanning come in two variants. The first is to detect known images of abuse held in a database maintained by an authority, the letter stated. “These technologies have been shown to have several issues. Foremost, research has shown that client-side scanning does not robustly achieve its primary objective, i.e., detect known prohibited content. Furthermore, it has recently been shown that these algorithms can be repurposed to add hidden secondary capabilities (e.g., facial recognition of target individuals) to client-side scanning, covertly enabling surveillance,” it added.

Second, there are also more far-reaching proposals to mass-deploy AI models to scan messages for previously unseen but prohibited content relating to CSEA, according to the letter. “However, sufficiently reliable solutions for detecting CSEA content do not exist. This lack of reliability here can have grave consequences as a false positive hit means potentially sharing private, intimate, or sensitive messages or images with third parties, like private-company vetters, law enforcement, and anyone with access to the monitoring infrastructure.”